Apple’s Security Updates for Applications and Operating Systems
Apple Corporation recently issued updates to several applications and operating systems, affecting numerous hardware and software versions in response to zero-day vulnerabilities. The updates strengthen the security of these applications such that the vulnerabilities have a reduced ability to affect the systems and applications involved.
What Happened
While Apple Corporation’s hardware and operating systems (OS) tend to be very secure, there is never a time when they are entirely safe and free of vulnerabilities that might affect them, for this reason, every so often (usually once a month), to close or mitigate any problems that do arise.
On April 7th and April 10th of this year, Apple released several updates that addressed vulnerabilities related to arbitrary code execution.
Arbitrary code execution is where input to an application or hardware can be crafted to take advantage of a lack of input validation in order to allow code to be injected into the system. This code can be malicious, which might give a threat actor the ability to take control of a system or applications, gather information, or move to other systems that are on the same network.
Normally, if there is a place in an application or hardware coded instructions, there is a validation process that only allows the proper input to be entered. For instance, if there is a place to enter your name or email address, then the information you enter must be in that format and might be limited in the number of characters or types of characters that you are allowed to enter.
When this check is not part of the programming, other information that is inappropriate can be entered instead.
What did Apple update?
Apple updated the OSs for the following hardware:
- iOS to versions 15.7.5 and 16.4.1
- iPadOS to versions 15.7.5 and 16.4.1
- macOS Monterey to version 12.6.5
- macOS Big Sur to version 11.7.6
- macOS Ventura to version 13.3.1
Apple also updated their Safari application version to 16.4.1 across all platforms that can take that update.
It is recommended that any Apple hardware or software users check their systems for these updates as soon as possible and update at the earliest time in order to avoid any potential breaches of the systems or applications.
How will this Affect You
The updates are relatively small and quick to download and complete, but this depends on the availability of Internet and may also be dependent on whether you have cellular service for any smartphones or other devices that use it. Both Internet and cellular service may be subject to charges depending on your service contracts, so please verify and move forward as appropriate.
If you opt not to update your systems and applications, then your device security will be in a compromised state, which could allow malicious code to be executed on them. There are better options than this.
What should you do
Update your operating systems and software, not just for Apple products, but for all products that you use at regular intervals or when these updates become available. This affects not only the security but also the usability of these systems, so it is always best practice to do so.
If you work at a company with an internal IT department, They will usually do these updates automatically after performing checks to ensure they will not cause problems.
Northstarr Recommendations
- If you are a small business or individual, subscribe to the security bulletins that your operating system or software vendor puts out. Please be aware that some of the popups you may see on your screen could be scams. Here are some resources that might be helpful:
- For Apple you can sign up for their mailiing list here: https://lists.apple.com/mailman/listinfo/security-announce/
- For Windows there is a blog post from Microsoft here: https://msrc.microsoft.com/blog/2022/01/coming-soon-new-security-update-guide-notification-system/
- Another option is to consider signing up for cybersecurity updates by the US Governments Cybersecurity and Infrastructure Security Agency (CISA). There are several ways you can consume their content, including RSS Feed, Social Media, and Email. You can find more information about that here: https://www.cisa.gov/about/contact-us/subscribe-updates-cisa.
To learn more about how we can help, visit our website or call (888) 767-2210 to set up an appointment. We look forward to meeting with you!
